package com.liu.lsm.sys.shiro;

import cn.hutool.core.bean.BeanUtil;
import com.liu.lsm.sys.entity.User;
import com.liu.lsm.sys.service.UserService;
import com.liu.lsm.utils.JwtUtils;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Slf4j
@Component
public class AccountRealm extends AuthorizingRealm {

    @Autowired
    JwtUtils jwtUtils;

    @Autowired
    UserService userService;

    @Override
    public  boolean supports(AuthenticationToken token){
        return  token instanceof JwtToken;
    }



    // 授权:Authorization
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {

        log.info("执行doGetAuthorizationInfo方法进行授权");
//        String username = JwtUtil.getUsername(principalCollection.toString());
        log.info(principalCollection.toString());
//        log.info("登录的用户:" + username);
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        AccountProfile accountProfile = (AccountProfile)principalCollection.getPrimaryPrincipal();
        String[] roles = accountProfile.getRole().split(",");
        log.info("roles");
        for(String role : roles){
            info.addRole(role);
            if(role.equals("role_root")){
                info.addStringPermission("user:create");
                info.addStringPermission("user:update");
                info.addStringPermission("user:read");
                info.addStringPermission("user:delete");
            }
            else if( role.equals("role_admin")){
                info.addStringPermission("user:read");
                info.addStringPermission("user:create");
                info.addStringPermission("user:update");
            }
            else if( role.equals("role_user")){
                info.addStringPermission("user:read");
                info.addStringPermission("user:create");
            }
            else if(role.equals("role_guest")){
                info.addStringPermission("user:read");
            }
        }


        return info;
    }

    // 认证:Authentication
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        JwtToken jwtToken = (JwtToken) authenticationToken;
        String userId = jwtUtils.getClaimByToken((String) jwtToken.getPrincipal()).getSubject();
        //从token中获得userId

        User user = userService.getById(Integer.valueOf(userId));
        if(user ==null){
            throw new UnknownAccountException("账户不存在");
        }
        //将user中的敏感信息剥离

        AccountProfile profile = new AccountProfile();
        BeanUtil.copyProperties(user,profile);

        return  new SimpleAuthenticationInfo(profile,jwtToken.getCredentials(),getName());
    }
}
